LibLogicalAccess  2.5.0
An Open Source RFID Library
desfirecrypto.hpp
1
7#ifndef DESFIRECRYPTO_HPP
8#define DESFIRECRYPTO_HPP
9
13
14#include <memory>
15#include <string>
16#include <vector>
17#include <iostream>
18#include <string>
20
21namespace logicalaccess
22{
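/**
 * \brief The cryptographic method.
 *
 * The original comments map each value to a DESFire card generation
 * (D40, EV1, EV2). The numeric values are explicit, so they stay stable when
 * the method is stored or compared as an integer.
 *
 * NOTE(review): only these three values are defined. Code that derives the
 * method from card or configuration input should reject anything else
 * instead of silently treating it as CM_LEGACY (value 0) - confirm how
 * callers convert into this type.
 */
typedef enum {
    CM_LEGACY = 0x00, // D40
    CM_ISO    = 0x01, // EV1
    CM_EV2    = 0x02  // EV2
} CryptoMethod;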
31
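// Manage DESFire crypto operations through IKS.
struct IKSCryptoWrapper
{
    // IKS generates a temporary key after a proper DESFire authentication
    // (performed through IKS). The key name is meant to be non-guessable and
    // unique per client / authentication process.
    // NOTE(review): if knowing this name is what allows a client to use the
    // remote key, it should be handled like a credential (kept out of logs
    // and error messages) - confirm against the IKS protocol.
    std::string remote_key_name;

    // The last signature received when aes_decrypt() is called through an
    // IKSRPCClient.
    SignatureResult last_sig;
};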
44
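/**
 * \brief DESFire cryptographic functions.
 *
 * Holds the crypto state for one card session (current cipher, session key,
 * IV, selected application and key number) and declares the encryption, MAC
 * and authentication helpers that use it. Only declarations are visible in
 * this header; behaviour notes below are limited to what the signatures show.
 */
class LLA_CARDS_DESFIRE_API DESFireCrypto
{
  public:
    // NOTE(review): the declaration at listing line 54 is not rendered on this
    // page; the default constructor is assumed here - confirm against the
    // repository.
    DESFireCrypto();

    virtual ~DESFireCrypto();

    // Buffers `data` for a later decipher step (presumably consumed by
    // desfireDecrypt() - confirm).
    void appendDecipherData(const ByteVector &data);

    // NOTE(review): `length` is caller-supplied; confirm in the implementation
    // that it is checked against the decrypted size before it is used.
    virtual ByteVector desfireDecrypt(size_t length);

    // Returns a bool. Callers must act on a false result and must not use the
    // associated data when verification fails (presumably false means MAC
    // mismatch - confirm).
    virtual bool verifyMAC(bool end, const ByteVector &data);

    virtual ByteVector generateMAC(unsigned char cmd, const ByteVector &data);

    virtual ByteVector desfireEncrypt(const ByteVector &data,
                                      const ByteVector &param = ByteVector(),
                                      bool calccrc                = true);

    ByteVector iso_encipherData(bool end, const ByteVector &data,
                                const ByteVector &param = ByteVector());

    // CRC16/CRC32 are error-detecting checksums, not authentication codes:
    // protection against deliberate modification has to come from the
    // MAC/CMAC functions. desfire_crc16 returns a signed short, so convert the
    // result through an unsigned 16-bit type before widening or comparing it,
    // otherwise values with the top bit set are sign-extended.
    static short desfire_crc16(const void *data, size_t dataLength);

    static uint32_t desfire_crc32(const void *data, size_t dataLength);

    // Static CBC helpers: each takes the key, an IV and the data explicitly
    // and returns a new ByteVector; none of them reads instance state.
    static ByteVector desfire_CBC_send(const ByteVector &key, const ByteVector &iv,
                                       const ByteVector &data);

    static ByteVector desfire_CBC_receive(const ByteVector &key, const ByteVector &iv,
                                          const ByteVector &data);

    static ByteVector desfire_CBC_mac(const ByteVector &key, const ByteVector &iv,
                                      const ByteVector &data);

    static ByteVector sam_CBC_send(const ByteVector &key, const ByteVector &iv,
                                   const ByteVector &data);

    // `data` is taken by value here and in desfire_encrypt / sam_encrypt
    // (presumably so it can be padded locally - confirm).
    static ByteVector desfire_mac(const ByteVector &key, ByteVector data);

    static ByteVector desfire_encrypt(const ByteVector &key, ByteVector data,
                                      bool calccrc = true);

    // NOTE(review): the return-type line (listing line 200) is not rendered on
    // this page; `static ByteVector` is assumed from the sibling declarations -
    // confirm against the repository.
    static ByteVector
    desfire_iso_encrypt(const ByteVector &key, const ByteVector &data,
                        std::shared_ptr<openssl::OpenSSLSymmetricCipher> cipher,
                        const ByteVector &param = ByteVector(), bool calccrc = true);

    static ByteVector sam_encrypt(const ByteVector &key, ByteVector data);

    // NOTE(review): `datalen` is caller-supplied; confirm it is bounded by the
    // size of the decrypted buffer in the implementation.
    static ByteVector desfire_decrypt(const ByteVector &key, const ByteVector &data,
                                      size_t datalen);

    // NOTE(review): the return-type line (listing line 236) is not rendered on
    // this page; `static ByteVector` is assumed as for desfire_iso_encrypt -
    // confirm against the repository.
    static ByteVector
    desfire_iso_decrypt(const ByteVector &key, const ByteVector &data,
                        std::shared_ptr<openssl::OpenSSLSymmetricCipher> cipher,
                        size_t datalen);

    // Instance overload: takes no key or cipher argument (presumably uses the
    // current session key and d_cipher - confirm).
    ByteVector desfire_iso_decrypt(const ByteVector &data, size_t length);

    ByteVector desfire_cmac(const ByteVector &key,
                            std::shared_ptr<openssl::OpenSSLSymmetricCipher> cipherMAC,
                            const ByteVector &data);

    // Instance overload without explicit key/cipher (presumably session
    // state - confirm).
    ByteVector desfire_cmac(const ByteVector &data);

    // Authentication is declared as two-step pairs: *_PICC1 receives the
    // card's encrypted RndB and returns a ByteVector; *_PICC2 receives the
    // card's encrypted RndA reply and returns nothing. What each step checks,
    // and how a failed check is reported, is defined in the implementation and
    // is not visible in this header.
    virtual ByteVector authenticate_PICC1(unsigned char keyno, ByteVector diversify,
                                          const ByteVector &encRndB);

    virtual void authenticate_PICC2(unsigned char keyno, const ByteVector &encRndA);

    ByteVector iso_authenticate_PICC1(unsigned char keyno, ByteVector diversify,
                                      const ByteVector &encRndB, unsigned int randomlen);

    void iso_authenticate_PICC2(unsigned char keyno, const ByteVector &encRndA1,
                                unsigned int randomlen);

    ByteVector aes_authenticate_PICC1(unsigned char keyno, ByteVector diversify,
                                      const ByteVector &encRndB);

    ByteVector aes_authenticate_PICC1_GENERIC(unsigned char keyno,
                                              const std::shared_ptr<Key> &key,
                                              const ByteVector &encRndB);

    void aes_authenticate_PICC2(unsigned char keyno, const ByteVector &encRndA1);

    void aes_authenticate_PICC2_GENERIC(unsigned char keyno,
                                        const std::shared_ptr<Key> &key,
                                        const ByteVector &encRndA1);

    void initBuf();

    // Writes the result into `keydiv`; `diversify` is the diversification
    // input and is passed by value.
    static void getKey(std::shared_ptr<DESFireKey> key, ByteVector diversify,
                       ByteVector &keydiv);

    // Writes the result into `keyversioned`.
    static void getKeyVersioned(std::shared_ptr<DESFireKey> key,
                                ByteVector &keyversioned);

    void selectApplication(size_t aid);

    virtual ByteVector changeKey_PICC(uint8_t keyno, ByteVector oldKeyDiversify,
                                      std::shared_ptr<DESFireKey> newkey,
                                      ByteVector newKeyDiversify,
                                      unsigned char keysetno = 0);

    void setCryptoContext(ByteVector identifier);

    void createApplication(int aid, uint8_t maxKeySlotNb, uint8_t maxNbKeys,
                           DESFireKeyType cryptoMethod);

    // Stores the card identifier used for key diversification.
    void setIdentifier(ByteVector identifier)
    {
        d_identifier = identifier;
    }

    // Returns a copy of the card identifier used for key diversification.
    ByteVector getIdentifier() const
    {
        return d_identifier;
    }

    // NOTE(review): presumably returns the well-known default key for the
    // given key type. Default keys should not remain on cards issued for
    // production use - confirm how callers use this and setDefaultKeysAt().
    static std::shared_ptr<DESFireKey> getDefaultKey(DESFireKeyType keyType);

    virtual void setDefaultKeysAt(std::shared_ptr<Location> location);

    virtual void setKey(size_t aid, uint8_t keyslot, uint8_t keyno,
                        std::shared_ptr<DESFireKey> key);

    virtual void setKeyInAllKeySet(size_t aid, uint8_t keySlotNb, uint8_t nbKeys,
                                   std::shared_ptr<DESFireKey> key);

    virtual void clearKeys();

    std::shared_ptr<DESFireKey> getKey(uint8_t keyslot, uint8_t keyno) const;

  protected:
    // Both overloads return a bool and write the key into `keydiv`; callers
    // must check the result before using `keydiv` (presumably false means no
    // key is stored for that slot - confirm).
    bool getKey(size_t aid, uint8_t keyset, uint8_t keyno, ByteVector diversify,
                ByteVector &keydiv);

    bool getKey(uint8_t keyset, uint8_t keyno, ByteVector diversify, ByteVector &keydiv);

    std::shared_ptr<DESFireKey> getKey(size_t aid, uint8_t keyslot, uint8_t keyno) const;

    // Stored keys, indexed by a (size_t, uint8_t, uint8_t) tuple; from the
    // setKey() signature presumably (aid, keyslot, keyno) - confirm.
    std::map<std::tuple<size_t, uint8_t, uint8_t>, std::shared_ptr<DESFireKey>> d_keys;

  public:
    // NOTE(review): the members below, including the session key and the
    // authentication key, are public, so any code holding a DESFireCrypto can
    // read or overwrite them. ByteVector is std::vector<uint8_t>, which does
    // not wipe its storage when it is destroyed or reassigned; confirm where
    // key bytes are cleared after use.

    /** \brief The current authentication method. */
    CryptoMethod d_auth_method;

    /** \brief The current cipher. */
    std::shared_ptr<openssl::OpenSSLSymmetricCipher> d_cipher;

    /** \brief The MAC size. */
    unsigned int d_mac_size;

    /** \brief The current session key. */
    ByteVector d_sessionKey;

    /** \brief The authentication key. */
    ByteVector d_authkey;

    /** \brief The last Initialization Vector (DESFire native mode). */
    ByteVector d_lastIV;

    /** \brief The current Application ID. */
    unsigned int d_currentAid;

    /** \brief The current Key number. */
    unsigned char d_currentKeyNo;

#ifndef SWIG
    // If present it means we use IKS...
    std::unique_ptr<IKSCryptoWrapper> iks_wrapper_;
#endif

    SignatureResult get_last_signature() const;

  protected:
    /** \brief The temporised buffer. */
    ByteVector d_buf;

    /** \brief The last left buffer for card command. */
    ByteVector d_last_left;

    /** \brief The random number A. */
    ByteVector d_rndA;

    /** \brief The random number B. */
    ByteVector d_rndB;

    /** \brief The card identifier used for key diversification. */
    ByteVector d_identifier;
};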
555}
556
557#endif /* DESFIRECRYPTO_HPP */
AES cipher class.
DESFire cryptographic functions.
Definition: desfirecrypto.hpp:49
CryptoMethod d_auth_method
The current authentication method.
Definition: desfirecrypto.hpp:478
ByteVector d_last_left
The last left buffer for card command.
Definition: desfirecrypto.hpp:538
ByteVector d_lastIV
The last Initialization Vector (DESFire native mode).
Definition: desfirecrypto.hpp:503
std::shared_ptr< openssl::OpenSSLSymmetricCipher > d_cipher
The current cipher.
Definition: desfirecrypto.hpp:483
ByteVector d_rndB
The random number B.
Definition: desfirecrypto.hpp:548
void setIdentifier(ByteVector identifier)
Definition: desfirecrypto.hpp:384
ByteVector d_identifier
The card identifier used for key diversification.
Definition: desfirecrypto.hpp:553
std::map< std::tuple< size_t, uint8_t, uint8_t >, std::shared_ptr< DESFireKey > > d_keys
Definition: desfirecrypto.hpp:472
ByteVector d_rndA
The random number A.
Definition: desfirecrypto.hpp:543
ByteVector getIdentifier() const
Definition: desfirecrypto.hpp:389
unsigned int d_mac_size
The MAC size.
Definition: desfirecrypto.hpp:488
ByteVector d_sessionKey
The current session key.
Definition: desfirecrypto.hpp:493
ByteVector d_buf
The temporised buffer.
Definition: desfirecrypto.hpp:533
unsigned int d_currentAid
The current Application ID.
Definition: desfirecrypto.hpp:508
ByteVector d_authkey
The authentication key.
Definition: desfirecrypto.hpp:498
std::unique_ptr< IKSCryptoWrapper > iks_wrapper_
Definition: desfirecrypto.hpp:517
unsigned char d_currentKeyNo
The current Key number.
Definition: desfirecrypto.hpp:513
DES cipher class.
DESFireAccessInfo.
std::vector< uint8_t > ByteVector
Definition: lla_fwd.hpp:80
Definition: asn1.hpp:9
CryptoMethod
The cryptographic method.
Definition: desfirecrypto.hpp:26
@ CM_ISO
Definition: desfirecrypto.hpp:28
@ CM_EV2
Definition: desfirecrypto.hpp:29
@ CM_LEGACY
Definition: desfirecrypto.hpp:27
DESFireKeyType
The DESFire key type.
Definition: desfirekey.hpp:33
Definition: desfirecrypto.hpp:34
SignatureResult last_sig
Definition: desfirecrypto.hpp:42
std::string remote_key_name
Definition: desfirecrypto.hpp:38
Definition: RemoteCrypto.hpp:9